
Open Resolver Problems

On Mar 31, 2013, at 11:16 PM, Valdis.Kletnieks at vt.edu wrote:

> On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said:
>> On 3/29/13, Scott Noel-Hemming <frogstarr78 at gmail.com> wrote:
>>>> Some of us have both publicly-facing authoritative DNS, and inward
>>>> facing recursive servers that may be open resolvers but can't be
>>>> found via NS entries (so the IP addresses of those aren't exactly
>>>> publicly available info).
>>> Sounds like you're making the faulty assumption that an attacker would use
>>> normal means to find your servers.
>> A distributed scan of the entire IPv4 <SNIP>
> Stop right there.
> Anybody who is looking at this as an IPv4 issue is woefully misinformed
> about the nature of the problem.


IPv4, it's easy to collect an inventory (the math works). IPv6, not nearly as easy.

- Jared